
[Solved] Trojan Horse Downloader Generic/Virus id Packed.prot


Posted on 24 Dec 2009 03:03

Hello, I have a trojan and other infections that show up systematically at every startup. Here is the HijackThis scan, can you help me?

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\av_md.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\Alexandre\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Alexandre\Mes documents\Téléchargements\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Aguxavowiyelukig] rundll32.exe "C:\WINDOWS\edunazobesitefes.dll",Startup
O4 - HKLM\..\Run: [av_md] C:\WINDOWS\system32\av_md.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [av_md] C:\Documents and Settings\Alexandre\av_md.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Alexandre\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191008175125
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://joedeefoster.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1216952509647&h=6ece106b173d5762648f5f537851cd9b/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
____________________

Thanks for your help
bluebeck
Confirmed Visitor
Posts: 15
Joined: 16 Sep 2009 23:27
 


Re: Trojan Horse Downloader Generic/Virus identified Packed.prot

Posted on 24 Dec 2009 03:27

hi,

do this please...

>download >> Malwarebytes <<
>install it and update it before the scan
> choose "perform a quick scan" and, at the end of the scan, check all the items found and click on "remove selected".
> then post the report to me please.

then...

redo a HijackThis scan and post the report (complete with its header) so I can see how the infection in place is evolving :wink:

@++

Our friend
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
 

Re: Trojan Horse Downloader Generic/Virus identified Packed.prot

Posted on 24 Dec 2009 05:11

Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3421
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2009-12-23 22:53:23
mbam-log-2009-12-23 (22-53-23).txt

Type de recherche: Examen rapide
Eléments examinés: 109794
Temps écoulé: 7 minute(s), 53 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 27

Processus mémoire infecté(s):
C:\WINDOWS\system32\av_md.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\av_md (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\av_md (Trojan.Dropper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\RelevantKnowledge (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\components (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\av_md.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\SystemProfile\av_md.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\~TM11.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\~TM13.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\~TMA6.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\~TMD.tmp (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\~TMF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\chrome.manifest (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\install.rdf (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlls.dll (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlservice.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\rlvknlg.exe (Spyware.MarketScore) -> Delete on reboot.
C:\Program Files\RelevantKnowledge\rlxf.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files\RelevantKnowledge\components\rlxg.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexandre\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasfkyllrmobwv.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasfkyqsalntje.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexandre\Local Settings\temp\f.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alexandre\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.
__________________________________________

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:38, on 2009-12-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Documents and Settings\Alexandre\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Alexandre\Mes documents\Téléchargements\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Aguxavowiyelukig] rundll32.exe "C:\WINDOWS\edunazobesitefes.dll",Startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Alexandre\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191008175125
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://joedeefoster.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1216952509647&h=6ece106b173d5762648f5f537851cd9b/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
___________________________________

OK so, that's what it looks like. I notice, by the way, that my antivirus is still getting worked up. It's reporting a "virus identified packed.Protector C" in C:\Windows\system32\drivers\atapi.sys and C:\Windows\system32\drivers\cdrom.sys
That all seems strange to me. I'll leave it to you to analyze. Thanks for your help, it's greatly appreciated.
bluebeck
Confirmed Visitor
Posts: 15
Joined: 16 Sep 2009 23:27
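The helper asked for a second HijackThis report in order to see how the infection was evolving, and the two reports above make that comparison possible. The following Python script is an added example, not part of the thread and not a HijackThis or Malwarebytes feature: it diffs the O4/O20 persistence entries of the two reports (the sample lines are copied from the two logs above) and flags whatever survived the Malwarebytes run by where its file lives. The location heuristic (a loader dropped directly in the Windows directory, directly in a user profile root, or in a temp folder) is the editor's own rule of thumb for triage, not a verdict.

```python
import re

# Constructed excerpts, copied from the two HijackThis reports in this thread:
# BEFORE is the first scan, AFTER the scan posted after the Malwarebytes run.
BEFORE = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Aguxavowiyelukig] rundll32.exe "C:\WINDOWS\edunazobesitefes.dll",Startup
O4 - HKLM\..\Run: [av_md] C:\WINDOWS\system32\av_md.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [av_md] C:\Documents and Settings\Alexandre\av_md.exe
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll
"""
AFTER = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Aguxavowiyelukig] rundll32.exe "C:\WINDOWS\edunazobesitefes.dll",Startup
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<cmd>.*)$")
# First drive-letter path ending in .exe/.dll/.sys inside a command line
# (handles quoted paths and "rundll32.exe <dll>,<entry>" forms).
PATH_RE = re.compile(r'[a-z]:\\[^",]+?\.(?:exe|dll|sys)', re.IGNORECASE)


def parse(text):
    """Map each persistence entry to its command line.
    Key = (section, hive, lower-cased name) so that the HKLM and HKCU
    entries with the same name (av_md) stay distinct."""
    entries = {}
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            entries[("O4", m["hive"], m["name"].lower())] = m["cmd"]
            continue
        m = O20_RE.match(line)
        if m:
            entries[("O20", "Winlogon Notify", m["name"].lower())] = m["cmd"]
    return entries


def target_path(cmd):
    m = PATH_RE.search(cmd)
    return m.group(0) if m else None


def location_flag(path):
    """Heuristic (editor's own): why a loader in this place deserves a second look."""
    p = path.lower()
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", p):
        return "file sits directly in the Windows directory"
    if re.match(r"^[a-z]:\\documents and settings\\[^\\]+\\[^\\]+$", p):
        return "file sits directly in a user profile root"
    if "\\temp\\" in p:
        return "file sits in a temp directory"
    return None


def triage(before_text, after_text):
    """Diff the two reports and flag surviving entries by file location."""
    before, after = parse(before_text), parse(after_text)
    report = {"removed": [], "persisted": [], "added": [], "flagged": []}
    for key in before:
        report["persisted" if key in after else "removed"].append(key[2])
    for key in after:
        if key not in before:
            report["added"].append(key[2])
    for key, cmd in after.items():
        path = target_path(cmd)
        why = location_flag(path) if path else None
        if why:
            report["flagged"].append((key[2], path, why))
    return report


if __name__ == "__main__":
    for bucket, items in triage(BEFORE, AFTER).items():
        print(bucket, items)
```

Run against the two logs, the script reports the av_md, Regedit32 and RelevantKnowledge entries as gone and the Aguxavowiyelukig entry as still present, flagged because rundll32 is loading a DLL that sits directly in C:\WINDOWS rather than under system32 or Program Files; that entry is indeed still visible in the second HijackThis report above.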
 

Re: Trojan Horse Downloader Generic/Virus identified Packed.prot

Posted on 24 Dec 2009 12:37

hello,
It's reporting a "virus identified packed.Protector C" in C:\Windows\system32\drivers\atapi.sys and C:\Windows\system32\drivers\cdrom.sys

Hmmm, system drivers patched by a trojan, Alureon or maybe a TDSS variant... :wink:

If your antivirus detects them again, the only choice you should make is "repair the file" or "ignore the alert"; above all do not choose "delete" or "quarantine".

We'll see whether one or more clean copies of these two drivers are on your PC so we can replace them.

Do this please...

Disable your antivirus before doing all of these steps

Download load_tdsskiller (by loup_blanc) to your desktop.

Double-click the Load_tdsskiller icon on your desktop and wait for the scan to finish.

If your firewall tells you that the process "Wget.exe" is trying to access the internet, allow it....

Less than a minute later the message "Appuyez sur un touche pour continuer" (press a key to continue) appears in the black window; click in the window and press the "Enter" key.

Then a text report will open; post its contents in your next reply.

then...

* Download >> OTL << (by OldTimer) to your desktop.

* Double-click the OTL icon to launch it

* Make sure you have closed all running applications.

* When the OTL window appears, make sure that in the "Output" section (top right) the "Minimal Output" box is checked.

* Copy and paste the contents of this quote into the lower part of OTL, "Custom Scans/Fixes"

%SYSTEMDRIVE%\cdrom.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\ACPI.sys /s /md5
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5

* Click the "Run Scan" icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan one or two reports will open, "OTL.Txt" and (or) "Extras.Txt" (in some cases).
* Copy and paste the report(s) into your reply please...
* If need be, you can find them in the C:\OTL folder or on your desktop, depending on the case

@++

Our friend
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
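The OTL custom scan above asks for every copy of atapi.sys, cdrom.sys and a few other boot drivers on the system drive together with its MD5 (that is what the `/s /md5` switches request), so that a patched live copy can be told apart from the clean copies Windows keeps in dllcache or ServicePackFiles, which is the replacement the helper has in mind. The Python script below is added here as an example and is neither OTL's code nor anything from the thread: it walks a directory tree, hashes every copy of the named drivers and reports the names whose copies disagree. The directory tree and file contents are constructed stand-ins (sample bytes, not real driver code); the sample keeps the patched copy the same size as the clean ones, so that the size column alone would not reveal it and only the hash comparison does.

```python
import hashlib
import os
import tempfile

# Driver names the OTL custom scan above looks for (subset).
DRIVERS = ("atapi.sys", "cdrom.sys")


def md5_of(path):
    """MD5 of a file, read in chunks; MD5 is used here only because that is
    the digest OTL's /md5 switch reports, it is a fingerprint for comparison."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, names):
    """Walk root recursively (the '/s' part of the OTL scan) and return
    {name: [(path, size, md5), ...]} for every copy of each driver name."""
    wanted = {n.lower() for n in names}
    found = {n.lower(): [] for n in names}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                p = os.path.join(dirpath, fn)
                found[fn.lower()].append((p, os.path.getsize(p), md5_of(p)))
    return found


def divergent(copies):
    """Driver names whose copies do not all share one hash: the live copy in
    the drivers folder then disagrees with the dllcache/ServicePackFiles copies,
    which is the patched-driver pattern discussed in the thread."""
    return sorted(n for n, lst in copies.items() if len({c[2] for c in lst}) > 1)


def build_sample_tree():
    """Constructed stand-in for a Windows system drive (sample bytes only)."""
    root = tempfile.mkdtemp(prefix="fake_sysdrive_")
    clean_atapi = b"ATAPI-clean-code" + b"\x90" * 32
    # Same length as the clean file, last 8 bytes overwritten: size-identical.
    patched_atapi = clean_atapi[:-8] + b"INJECTED"
    clean_cdrom = b"CDROM-clean-code" + b"\x90" * 16
    layout = {
        r"WINDOWS\system32\drivers\atapi.sys": patched_atapi,
        r"WINDOWS\system32\dllcache\atapi.sys": clean_atapi,
        r"WINDOWS\ServicePackFiles\i386\atapi.sys": clean_atapi,
        r"WINDOWS\system32\drivers\cdrom.sys": clean_cdrom,
        r"WINDOWS\system32\dllcache\cdrom.sys": clean_cdrom,
    }
    for rel, data in layout.items():
        p = os.path.join(root, *rel.split("\\"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    copies = find_copies(root, DRIVERS)
    for name, lst in copies.items():
        for path, size, digest in lst:
            print(f"{name:10} {size:6} {digest} {path}")
    print("divergent:", divergent(copies))
```

On a real system the root would be the system drive, and a name listed as divergent is one where the live copy and the cached copies differ; which copy is the clean one is then decided by comparing the hashes against the vendor's known-good values, not by majority vote, since the cached copies can be tampered with as well.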
 

Re: Trojan Horse Downloader Generic/Virus identified Packed.prot

Posted on 25 Dec 2009 00:45

Here is the TDSSKiller report:

18:14:04:453 4236 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
18:14:04:453 4236 ================================================================================
18:14:04:453 4236 SystemInfo:

18:14:04:453 4236 OS Version: 5.1.2600 ServicePack: 3.0
18:14:04:453 4236 Product type: Workstation
18:14:04:453 4236 ComputerName: ALLEXAND-26130A
18:14:04:453 4236 UserName: Alexandre
18:14:04:453 4236 Windows directory: C:\WINDOWS
18:14:04:453 4236 Processor architecture: Intel x86
18:14:04:453 4236 Number of processors: 2
18:14:04:453 4236 Page size: 0x1000
18:14:04:453 4236 Boot type: Normal boot
18:14:04:453 4236 ================================================================================
18:14:04:453 4236 ForceUnloadDriver: NtUnloadDriver error 2
18:14:04:468 4236 ForceUnloadDriver: NtUnloadDriver error 2
18:14:04:468 4236 ForceUnloadDriver: NtUnloadDriver error 2
18:14:04:468 4236 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
18:14:04:468 4236 main: Driver KLMD successfully dropped
18:14:04:484 4236 main: Driver KLMD successfully loaded
18:14:04:484 4236
Scanning Registry ...
18:14:04:531 4236 ScanServices: Searching service UACd.sys
18:14:04:531 4236 ScanServices: Open/Create key error 2
18:14:04:531 4236 ScanServices: Searching service TDSSserv.sys
18:14:04:531 4236 ScanServices: Open/Create key error 2
18:14:04:531 4236 ScanServices: Searching service gaopdxserv.sys
18:14:04:531 4236 ScanServices: Open/Create key error 2
18:14:04:531 4236 ScanServices: Searching service gxvxcserv.sys
18:14:04:531 4236 ScanServices: Open/Create key error 2
18:14:04:531 4236 ScanServices: Searching service MSIVXserv.sys
18:14:04:531 4236 ScanServices: Open/Create key error 2
18:14:04:531 4236 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
18:14:04:531 4236 UnhookRegistry: Kernel local addr: B40000
18:14:04:531 4236 UnhookRegistry: KeServiceDescriptorTable addr: BC5700
18:14:04:609 4236 UnhookRegistry: KiServiceTable addr: B6D460
18:14:04:609 4236 UnhookRegistry: NtEnumerateKey service number (local): 47
18:14:04:609 4236 UnhookRegistry: NtEnumerateKey local addr: C8CFF2
18:14:04:609 4236 KLMD_OpenDevice: Trying to open KLMD device
18:14:04:609 4236 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
18:14:04:609 4236 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
18:14:04:609 4236 KLMD_ReadMem: Trying to ReadMemory 0x805002C9[0x4]
18:14:04:609 4236 UnhookRegistry: NtEnumerateKey service number (kernel): 47
18:14:04:609 4236 KLMD_ReadMem: Trying to ReadMemory 0x8050457C[0x4]
18:14:04:609 4236 UnhookRegistry: NtEnumerateKey real addr: 80623FF2
18:14:04:609 4236 UnhookRegistry: NtEnumerateKey calc addr: 80623FF2
18:14:04:609 4236 UnhookRegistry: No SDT hooks found on NtEnumerateKey
18:14:04:609 4236 KLMD_ReadMem: Trying to ReadMemory 0x80623FF2[0xA]
18:14:04:609 4236 UnhookRegistry: No splicing found on NtEnumerateKey
18:14:04:609 4236
Scanning Kernel memory ...
18:14:04:609 4236 KLMD_OpenDevice: Trying to open KLMD device
18:14:04:609 4236 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
18:14:04:609 4236 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
18:14:04:609 4236 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A45EAE0
18:14:04:609 4236 DetectCureTDL3: KLMD_GetDeviceObjectList returned 11 DevObjects
18:14:04:609 4236 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 8A1DD358
18:14:04:609 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A1DD358
18:14:04:609 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A1DD358[0x38]
18:14:04:609 4236 DetectCureTDL3: DRIVER_OBJECT addr: 8A45EAE0
18:14:04:609 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A45EAE0[0xA8]
18:14:04:609 4236 KLMD_ReadMem: Trying to ReadMemory 0xE176CA40[0x208]
18:14:04:609 4236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:14:04:609 4236 DetectCureTDL3: IrpHandler (0) addr: BA91EBB0
18:14:04:609 4236 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (2) addr: BA91EBB0
18:14:04:609 4236 DetectCureTDL3: IrpHandler (3) addr: BA918D1F
18:14:04:609 4236 DetectCureTDL3: IrpHandler (4) addr: BA918D1F
18:14:04:609 4236 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (9) addr: BA9192E2
18:14:04:609 4236 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (14) addr: BA9193BB
18:14:04:609 4236 DetectCureTDL3: IrpHandler (15) addr: BA91CF28
18:14:04:609 4236 DetectCureTDL3: IrpHandler (16) addr: BA9192E2
18:14:04:609 4236 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (22) addr: BA91AC82
18:14:04:609 4236 DetectCureTDL3: IrpHandler (23) addr: BA91F99E
18:14:04:609 4236 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:14:04:609 4236 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:14:04:609 4236 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
18:14:04:609 4236 KLMD_ReadMem: DeviceIoControl error 1
18:14:04:609 4236 TDL3_StartIoHookDetect: Unable to get StartIo handler code
18:14:04:609 4236 TDL3_FileDetect: Processing driver: Disk
18:14:04:609 4236 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
18:14:04:609 4236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
18:14:04:609 4236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
18:14:04:671 4236 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 8A250848
18:14:04:671 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A250848
18:14:04:671 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A250848[0x38]
18:14:04:671 4236 DetectCureTDL3: DRIVER_OBJECT addr: 8A45EAE0
18:14:04:671 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A45EAE0[0xA8]
18:14:04:671 4236 KLMD_ReadMem: Trying to ReadMemory 0xE176CA40[0x208]
18:14:04:671 4236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:14:04:671 4236 DetectCureTDL3: IrpHandler (0) addr: BA91EBB0
18:14:04:671 4236 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (2) addr: BA91EBB0
18:14:04:671 4236 DetectCureTDL3: IrpHandler (3) addr: BA918D1F
18:14:04:671 4236 DetectCureTDL3: IrpHandler (4) addr: BA918D1F
18:14:04:671 4236 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (9) addr: BA9192E2
18:14:04:671 4236 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (14) addr: BA9193BB
18:14:04:671 4236 DetectCureTDL3: IrpHandler (15) addr: BA91CF28
18:14:04:671 4236 DetectCureTDL3: IrpHandler (16) addr: BA9192E2
18:14:04:671 4236 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (22) addr: BA91AC82
18:14:04:671 4236 DetectCureTDL3: IrpHandler (23) addr: BA91F99E
18:14:04:671 4236 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:14:04:671 4236 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:14:04:671 4236 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
18:14:04:671 4236 KLMD_ReadMem: DeviceIoControl error 1
18:14:04:671 4236 TDL3_StartIoHookDetect: Unable to get StartIo handler code
18:14:04:671 4236 TDL3_FileDetect: Processing driver: Disk
18:14:04:671 4236 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
18:14:04:671 4236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
18:14:04:671 4236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
18:14:04:687 4236 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8A0B09D8
18:14:04:687 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A0B09D8
18:14:04:687 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A0B09D8[0x38]
18:14:04:687 4236 DetectCureTDL3: DRIVER_OBJECT addr: 8A45EAE0
18:14:04:687 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A45EAE0[0xA8]
18:14:04:687 4236 KLMD_ReadMem: Trying to ReadMemory 0xE176CA40[0x208]
18:14:04:687 4236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:14:04:687 4236 DetectCureTDL3: IrpHandler (0) addr: BA91EBB0
18:14:04:687 4236 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (2) addr: BA91EBB0
18:14:04:687 4236 DetectCureTDL3: IrpHandler (3) addr: BA918D1F
18:14:04:687 4236 DetectCureTDL3: IrpHandler (4) addr: BA918D1F
18:14:04:687 4236 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (9) addr: BA9192E2
18:14:04:687 4236 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (14) addr: BA9193BB
18:14:04:687 4236 DetectCureTDL3: IrpHandler (15) addr: BA91CF28
18:14:04:687 4236 DetectCureTDL3: IrpHandler (16) addr: BA9192E2
18:14:04:687 4236 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (22) addr: BA91AC82
18:14:04:687 4236 DetectCureTDL3: IrpHandler (23) addr: BA91F99E
18:14:04:687 4236 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:14:04:687 4236 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:14:04:687 4236 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
18:14:04:687 4236 KLMD_ReadMem: DeviceIoControl error 1
18:14:04:687 4236 TDL3_StartIoHookDetect: Unable to get StartIo handler code
18:14:04:687 4236 TDL3_FileDetect: Processing driver: Disk
18:14:04:687 4236 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
18:14:04:687 4236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
18:14:04:687 4236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
18:14:04:703 4236 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 8A1C0188
18:14:04:703 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A1C0188
18:14:04:703 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A1C0188[0x38]
18:14:04:703 4236 DetectCureTDL3: DRIVER_OBJECT addr: 8A45EAE0
18:14:04:703 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A45EAE0[0xA8]
18:14:04:703 4236 KLMD_ReadMem: Trying to ReadMemory 0xE176CA40[0x208]
18:14:04:703 4236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:14:04:703 4236 DetectCureTDL3: IrpHandler (0) addr: BA91EBB0
18:14:04:703 4236 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (2) addr: BA91EBB0
18:14:04:703 4236 DetectCureTDL3: IrpHandler (3) addr: BA918D1F
18:14:04:703 4236 DetectCureTDL3: IrpHandler (4) addr: BA918D1F
18:14:04:703 4236 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (9) addr: BA9192E2
18:14:04:703 4236 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (14) addr: BA9193BB
18:14:04:703 4236 DetectCureTDL3: IrpHandler (15) addr: BA91CF28
18:14:04:703 4236 DetectCureTDL3: IrpHandler (16) addr: BA9192E2
18:14:04:703 4236 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (22) addr: BA91AC82
18:14:04:703 4236 DetectCureTDL3: IrpHandler (23) addr: BA91F99E
18:14:04:703 4236 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:14:04:703 4236 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
18:14:04:703 4236 KLMD_ReadMem: DeviceIoControl error 1
18:14:04:703 4236 TDL3_StartIoHookDetect: Unable to get StartIo handler code
18:14:04:703 4236 TDL3_FileDetect: Processing driver: Disk
18:14:04:703 4236 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
18:14:04:703 4236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
18:14:04:703 4236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
18:14:04:703 4236 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 8A0BD470
18:14:04:703 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A0BD470
18:14:04:703 4236 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 8A094208
18:14:04:703 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A094208
18:14:04:703 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A094208[0x38]
18:14:04:703 4236 DetectCureTDL3: DRIVER_OBJECT addr: 8A20BE98
18:14:04:703 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A20BE98[0xA8]
18:14:04:703 4236 KLMD_ReadMem: Trying to ReadMemory 0xE17454B8[0x208]
18:14:04:703 4236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
18:14:04:703 4236 DetectCureTDL3: IrpHandler (0) addr: BAB85218
18:14:04:703 4236 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (2) addr: BAB85218
18:14:04:703 4236 DetectCureTDL3: IrpHandler (3) addr: BAB8523C
18:14:04:703 4236 DetectCureTDL3: IrpHandler (4) addr: BAB8523C
18:14:04:703 4236 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (9) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (14) addr: BAB85180
18:14:04:703 4236 DetectCureTDL3: IrpHandler (15) addr: BAB809E6
18:14:04:703 4236 DetectCureTDL3: IrpHandler (16) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (22) addr: BAB845F0
18:14:04:703 4236 DetectCureTDL3: IrpHandler (23) addr: BAB82A6E
18:14:04:703 4236 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:14:04:703 4236 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:14:04:703 4236 KLMD_ReadMem: Trying to ReadMemory 0xBAB81F26[0x400]
18:14:04:703 4236 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
18:14:04:703 4236 TDL3_FileDetect: Processing driver: usbstor
18:14:04:703 4236 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\usbstor, system32\Drivers\usbstor.tsk
18:14:04:703 4236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
18:14:04:703 4236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
18:14:04:750 4236 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 89D6A240
18:14:04:750 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89D6A240
18:14:04:750 4236 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 8A08CBC0
18:14:04:750 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A08CBC0
18:14:04:750 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A08CBC0[0x38]
18:14:04:750 4236 DetectCureTDL3: DRIVER_OBJECT addr: 8A20BE98
18:14:04:750 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A20BE98[0xA8]
18:14:04:750 4236 KLMD_ReadMem: Trying to ReadMemory 0xE17454B8[0x208]
18:14:04:750 4236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
18:14:04:750 4236 DetectCureTDL3: IrpHandler (0) addr: BAB85218
18:14:04:750 4236 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (2) addr: BAB85218
18:14:04:750 4236 DetectCureTDL3: IrpHandler (3) addr: BAB8523C
18:14:04:750 4236 DetectCureTDL3: IrpHandler (4) addr: BAB8523C
18:14:04:750 4236 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (9) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (14) addr: BAB85180
18:14:04:750 4236 DetectCureTDL3: IrpHandler (15) addr: BAB809E6
18:14:04:750 4236 DetectCureTDL3: IrpHandler (16) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (22) addr: BAB845F0
18:14:04:750 4236 DetectCureTDL3: IrpHandler (23) addr: BAB82A6E
18:14:04:750 4236 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:14:04:750 4236 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:14:04:750 4236 KLMD_ReadMem: Trying to ReadMemory 0xBAB81F26[0x400]
18:14:04:750 4236 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
18:14:04:750 4236 TDL3_FileDetect: Processing driver: usbstor
18:14:04:750 4236 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\usbstor, system32\Drivers\usbstor.tsk
18:14:04:750 4236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
18:14:04:750 4236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
18:14:04:765 4236 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 8A09D938
18:14:04:765 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A09D938
18:14:04:765 4236 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 8A094EA0
18:14:04:765 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A094EA0
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A094EA0[0x38]
18:14:04:765 4236 DetectCureTDL3: DRIVER_OBJECT addr: 8A20BE98
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A20BE98[0xA8]
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0xE17454B8[0x208]
18:14:04:765 4236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
18:14:04:765 4236 DetectCureTDL3: IrpHandler (0) addr: BAB85218
18:14:04:765 4236 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (2) addr: BAB85218
18:14:04:765 4236 DetectCureTDL3: IrpHandler (3) addr: BAB8523C
18:14:04:765 4236 DetectCureTDL3: IrpHandler (4) addr: BAB8523C
18:14:04:765 4236 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (9) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (14) addr: BAB85180
18:14:04:765 4236 DetectCureTDL3: IrpHandler (15) addr: BAB809E6
18:14:04:765 4236 DetectCureTDL3: IrpHandler (16) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (22) addr: BAB845F0
18:14:04:765 4236 DetectCureTDL3: IrpHandler (23) addr: BAB82A6E
18:14:04:765 4236 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0xBAB81F26[0x400]
18:14:04:765 4236 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
18:14:04:765 4236 TDL3_FileDetect: Processing driver: usbstor
18:14:04:765 4236 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\usbstor, system32\Drivers\usbstor.tsk
18:14:04:765 4236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
18:14:04:765 4236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
18:14:04:765 4236 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 8A1C56F8
18:14:04:765 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A1C56F8
18:14:04:765 4236 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 8A0B92B8
18:14:04:765 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A0B92B8
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A0B92B8[0x38]
18:14:04:765 4236 DetectCureTDL3: DRIVER_OBJECT addr: 8A20BE98
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A20BE98[0xA8]
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0xE17454B8[0x208]
18:14:04:765 4236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
18:14:04:765 4236 DetectCureTDL3: IrpHandler (0) addr: BAB85218
18:14:04:765 4236 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (2) addr: BAB85218
18:14:04:765 4236 DetectCureTDL3: IrpHandler (3) addr: BAB8523C
18:14:04:765 4236 DetectCureTDL3: IrpHandler (4) addr: BAB8523C
18:14:04:765 4236 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (9) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (14) addr: BAB85180
18:14:04:765 4236 DetectCureTDL3: IrpHandler (15) addr: BAB809E6
18:14:04:765 4236 DetectCureTDL3: IrpHandler (16) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (22) addr: BAB845F0
18:14:04:765 4236 DetectCureTDL3: IrpHandler (23) addr: BAB82A6E
18:14:04:765 4236 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0xBAB81F26[0x400]
18:14:04:765 4236 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
18:14:04:765 4236 TDL3_FileDetect: Processing driver: usbstor
18:14:04:765 4236 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\usbstor, system32\Drivers\usbstor.tsk
18:14:04:765 4236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
18:14:04:765 4236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
18:14:04:765 4236 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 8A3FD8A0
18:14:04:765 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3FD8A0
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A3FD8A0[0x38]
18:14:04:765 4236 DetectCureTDL3: DRIVER_OBJECT addr: 8A45EAE0
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A45EAE0[0xA8]
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0xE176CA40[0x208]
18:14:04:765 4236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:14:04:765 4236 DetectCureTDL3: IrpHandler (0) addr: BA91EBB0
18:14:04:765 4236 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (2) addr: BA91EBB0
18:14:04:765 4236 DetectCureTDL3: IrpHandler (3) addr: BA918D1F
18:14:04:765 4236 DetectCureTDL3: IrpHandler (4) addr: BA918D1F
18:14:04:765 4236 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (9) addr: BA9192E2
18:14:04:765 4236 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (14) addr: BA9193BB
18:14:04:765 4236 DetectCureTDL3: IrpHandler (15) addr: BA91CF28
18:14:04:765 4236 DetectCureTDL3: IrpHandler (16) addr: BA9192E2
18:14:04:765 4236 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (22) addr: BA91AC82
18:14:04:765 4236 DetectCureTDL3: IrpHandler (23) addr: BA91F99E
18:14:04:765 4236 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
18:14:04:765 4236 KLMD_ReadMem: DeviceIoControl error 1
18:14:04:765 4236 TDL3_StartIoHookDetect: Unable to get StartIo handler code
18:14:04:765 4236 TDL3_FileDetect: Processing driver: Disk
18:14:04:765 4236 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
18:14:04:765 4236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
18:14:04:765 4236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
18:14:04:765 4236 DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 8A3FDC68
18:14:04:765 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3FDC68
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A3FDC68[0x38]
18:14:04:765 4236 DetectCureTDL3: DRIVER_OBJECT addr: 8A45EAE0
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A45EAE0[0xA8]
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0xE176CA40[0x208]
18:14:04:765 4236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
18:14:04:765 4236 DetectCureTDL3: IrpHandler (0) addr: BA91EBB0
18:14:04:765 4236 DetectCureTDL3: IrpHandler (1) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (2) addr: BA91EBB0
18:14:04:765 4236 DetectCureTDL3: IrpHandler (3) addr: BA918D1F
18:14:04:765 4236 DetectCureTDL3: IrpHandler (4) addr: BA918D1F
18:14:04:765 4236 DetectCureTDL3: IrpHandler (5) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (6) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (7) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (8) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (9) addr: BA9192E2
18:14:04:765 4236 DetectCureTDL3: IrpHandler (10) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (11) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (12) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (13) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (14) addr: BA9193BB
18:14:04:765 4236 DetectCureTDL3: IrpHandler (15) addr: BA91CF28
18:14:04:765 4236 DetectCureTDL3: IrpHandler (16) addr: BA9192E2
18:14:04:765 4236 DetectCureTDL3: IrpHandler (17) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (18) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (19) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (20) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (21) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (22) addr: BA91AC82
18:14:04:765 4236 DetectCureTDL3: IrpHandler (23) addr: BA91F99E
18:14:04:765 4236 DetectCureTDL3: IrpHandler (24) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (25) addr: 804F4562
18:14:04:765 4236 DetectCureTDL3: IrpHandler (26) addr: 804F4562
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
18:14:04:765 4236 KLMD_ReadMem: DeviceIoControl error 1
18:14:04:765 4236 TDL3_StartIoHookDetect: Unable to get StartIo handler code
18:14:04:765 4236 TDL3_FileDetect: Processing driver: Disk
18:14:04:765 4236 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
18:14:04:765 4236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
18:14:04:765 4236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
18:14:04:765 4236 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 8A400AB8
18:14:04:765 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A400AB8
18:14:04:765 4236 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 8A455F18
18:14:04:765 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A455F18
18:14:04:765 4236 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 8A3D8030
18:14:04:765 4236 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3D8030
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A3D8030[0x38]
18:14:04:765 4236 DetectCureTDL3: DRIVER_OBJECT addr: 8A405F38
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0x8A405F38[0xA8]
18:14:04:765 4236 KLMD_ReadMem: Trying to ReadMemory 0xE17687A0[0x208]
18:14:04:765 4236 DetectCureTDL3: DRIVER_OBJECT name: \Driver\nvata, Driver Name: nvata
18:14:04:765 4236 DetectCureTDL3: IrpHandler (0) addr: BA709894
18:14:04:765 4236 DetectCureTDL3: IrpHandler (1) addr: BA709874
18:14:04:765 4236 DetectCureTDL3: IrpHandler (2) addr: BA709894
18:14:04:765 4236 DetectCureTDL3: IrpHandler (3) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (4) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (5) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (6) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (7) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (8) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (9) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (10) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (11) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (12) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (13) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (14) addr: BA7098AE
18:14:04:781 4236 DetectCureTDL3: IrpHandler (15) addr: BA709D6E
18:14:04:781 4236 DetectCureTDL3: IrpHandler (16) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (17) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (18) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (19) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (20) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (21) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (22) addr: BA709D0E
18:14:04:781 4236 DetectCureTDL3: IrpHandler (23) addr: BA709A9C
18:14:04:781 4236 DetectCureTDL3: IrpHandler (24) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (25) addr: BA709874
18:14:04:781 4236 DetectCureTDL3: IrpHandler (26) addr: BA709874
18:14:04:781 4236 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
18:14:04:781 4236 KLMD_ReadMem: DeviceIoControl error 1
18:14:04:781 4236 TDL3_StartIoHookDetect: Unable to get StartIo handler code
18:14:04:781 4236 TDL3_FileDetect: Processing driver: nvata
18:14:04:781 4236 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\nvata.sys, C:\WINDOWS\system32\Drivers\nvata.tsk, SYSTEM\CurrentControlSet\Services\nvata, system32\Drivers\nvata.tsk
18:14:04:781 4236 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\nvata.sys
18:14:04:781 4236 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\nvata.sys
18:14:04:812 4236
Completed

Results:
18:14:04:812 4236 Infected objects in memory: 0
18:14:04:812 4236 Cured objects in memory: 0
18:14:04:812 4236 Infected objects on disk: 0
18:14:04:828 4236 Objects on disk cured on reboot: 0
18:14:04:828 4236 Objects on disk deleted on reboot: 0
18:14:04:828 4236 Registry nodes deleted on reboot: 0
18:14:04:828 4236
___________________________________________

Here is the OTL.txt:

OTL logfile created on: 2009-12-24 18:17:19 - Run 1
OTL by OldTimer - Version 3.1.20.0 Folder = C:\Documents and Settings\Alexandre\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289,30 Gb Total Space | 139,44 Gb Free Space | 48,20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 8,78 Gb Total Space | 1,03 Gb Free Space | 11,70% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: ALLEXAND-26130A
Current User Name: Alexandre
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Alexandre\Bureau\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Alexandre\Application Data\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\BellCanada\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
PRC - C:\Program Files\Logitech\QuickCam10\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
PRC - c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe (Apache Software Foundation)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Alexandre\Bureau\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\edunazobesitefes.dll ()
MOD - C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (Planificateur LiveUpdate automatique) -- File not found
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService) -- C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation)
SRV - (nSvcLog) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ForcewareWebInterface) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (Cdrom) -- C:\WINDOWS\system32\drivers\cdrom.sys ()
DRV - (atapi) -- C:\WINDOWS\system32\DRIVERS\atapi.sys ()
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (TVICHW32) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS (EnTech Taiwan)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_08A0) Logitech QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (HSXHWBS2) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsx) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSX_DP) -- C:\WINDOWS\system32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CD90268F-2089-4303-BF08-5AEB2EAE0EA0}:1.9.1
FF - prefs.js..extensions.enabledItems: {9AE551A3-8BDE-4FBF-B7A7-E20E53EA0D5F}:1.9.1
FF - prefs.js..extensions.enabledItems: {52D7AAF7-2069-44D5-94E3-D43EDECB1179}:1.9.1
FF - prefs.js..extensions.enabledItems: {3DF8B8B1-2913-4754-B9B7-EAA96A23FFD3}:1.9.1
FF - prefs.js..extensions.enabledItems: {31ECFE49-3A8B-42EB-9B9B-B57CF1963569}:1.9.1
FF - prefs.js..extensions.enabledItems: {EA6828F6-BFD3-4A82-ABD5-0713161DBB71}:1.9.1
FF - prefs.js..extensions.enabledItems: {1D3F5405-FB3A-46A3-BDC2-2DEEE3B54E7E}:1.9.1
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1,*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-04-05 22:23:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{CD90268F-2089-4303-BF08-5AEB2EAE0EA0}: C:\Documents and Settings\Alexandre\Local Settings\Application Data\{CD90268F-2089-4303-BF08-5AEB2EAE0EA0} [2009-10-04 14:30:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9AE551A3-8BDE-4FBF-B7A7-E20E53EA0D5F}: C:\Documents and Settings\Alexandre\Local Settings\Application Data\{9AE551A3-8BDE-4FBF-B7A7-E20E53EA0D5F}\ [2009-10-16 16:02:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{52D7AAF7-2069-44D5-94E3-D43EDECB1179}: C:\Documents and Settings\Alexandre\Local Settings\Application Data\{52D7AAF7-2069-44D5-94E3-D43EDECB1179} [2009-10-17 20:53:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3DF8B8B1-2913-4754-B9B7-EAA96A23FFD3}: C:\Documents and Settings\Alexandre\Local Settings\Application Data\{3DF8B8B1-2913-4754-B9B7-EAA96A23FFD3} [2009-10-22 07:27:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKLM\software\mozilla\Firefox\Extensions\\{31ECFE49-3A8B-42EB-9B9B-B57CF1963569}: C:\Documents and Settings\Alexandre\Local Settings\Application Data\{31ECFE49-3A8B-42EB-9B9B-B57CF1963569} [2009-10-24 20:59:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{EA6828F6-BFD3-4A82-ABD5-0713161DBB71}: C:\Documents and Settings\Alexandre\Local Settings\Application Data\{EA6828F6-BFD3-4A82-ABD5-0713161DBB71} [2009-10-26 00:20:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1D3F5405-FB3A-46A3-BDC2-2DEEE3B54E7E}: C:\Documents and Settings\Alexandre\Local Settings\Application Data\{1D3F5405-FB3A-46A3-BDC2-2DEEE3B54E7E} [2009-12-12 11:39:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-12-21 01:06:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-12-16 03:21:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.2.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2009-09-10 23:31:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.2.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2009-10-17 21:49:06 | 00,000,000 | ---D | M]

[2009-10-09 14:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexandre\Application Data\Mozilla\Extensions
[2009-10-18 11:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\d61cnbj6.default\extensions
[2009-10-09 14:47:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-08-24 14:21:51 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2009-08-24 14:21:51 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009-08-24 14:21:51 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009-08-24 14:21:51 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009-08-24 14:21:51 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Aguxavowiyelukig] C:\WINDOWS\edunazobesitefes.DLL ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Ink Monitor] C:\Program Files\epson\Ink Monitor\InkMonitor.exe (Epson)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - Startup: C:\Documents and Settings\Alexandre\Menu Démarrer\Programmes\Démarrage\Dropbox.lnk = C:\Documents and Settings\Alexandre\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\Alexandre\Menu Démarrer\Programmes\Démarrage\Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191008175125 (WUWebControl Class)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://joedeefoster.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1216952509647&h=6ece106b173d5762648f5f537851cd9b/&filename=jinstall-6u7-windows-i586-jc.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://www.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-09-28 10:45:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009-12-24 18:15:48 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alexandre\Bureau\OTL.exe
[2009-12-24 18:13:58 | 00,000,000 | ---D | C] -- C:\tdsskiller
[2009-12-23 22:55:26 | 00,000,000 | ---D | C] -- C:\Avenger
[2009-12-23 22:43:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-12-23 22:43:17 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-12-23 22:43:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-12-19 15:24:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alexandre\Bureau\Caustic_Window_-_Caustic_Window_Compilation_CompleteAlbum_256kBit_shared_by_ME
[2009-12-12 11:39:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alexandre\Local Settings\Application Data\{1D3F5405-FB3A-46A3-BDC2-2DEEE3B54E7E}
[2009-09-18 17:22:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009-09-18 17:22:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009-09-18 17:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009-09-18 17:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009-01-03 15:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009-12-24 18:16:24 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alexandre\Bureau\OTL.exe
[2009-12-24 18:11:38 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Qqugilulokuzoxuf.dat
[2009-12-24 18:09:57 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2009-12-24 08:24:54 | 46,994,093 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009-12-24 08:24:54 | 00,127,929 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009-12-24 01:52:17 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009-12-24 00:39:09 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Alexandre\NTUSER.DAT
[2009-12-24 00:17:33 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Dtehikuw.bin
[2009-12-23 22:55:52 | 00,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-12-23 22:55:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-12-23 22:55:42 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-12-23 22:54:34 | 00,000,284 | -HS- | M] () -- C:\Documents and Settings\Alexandre\ntuser.ini
[2009-12-23 22:43:21 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009-12-23 20:42:08 | 00,000,855 | ---- | M] () -- C:\Documents and Settings\Alexandre\Bureau\Raccourci vers HiJackThis.exe.lnk
[2009-12-23 20:26:54 | 00,114,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2009-12-22 01:17:21 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-12-20 02:24:35 | 00,002,551 | ---- | M] () -- C:\Documents and Settings\Alexandre\Bureau\Microsoft Word.lnk
[2009-12-20 00:58:01 | 00,002,596 | ---- | M] () -- C:\Documents and Settings\Alexandre\.powerupdate.user.properties
[2009-12-19 15:17:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-12-18 13:03:10 | 00,216,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-12-17 17:23:13 | 00,011,099 | ---- | M] () -- C:\Documents and Settings\Alexandre\.recently-used.xbel
[2009-12-17 14:53:47 | 00,037,048 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009-12-17 14:04:08 | 00,057,992 | ---- | M] () -- C:\Documents and Settings\Alexandre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009-12-16 13:15:22 | 00,148,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2009-12-09 18:14:01 | 00,528,154 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009-12-09 18:14:00 | 00,458,954 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-12-09 18:14:00 | 00,092,210 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009-12-09 18:14:00 | 00,078,744 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-12-09 18:13:59 | 01,174,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-12-09 17:07:32 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-12-08 22:13:39 | 00,000,116 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2009-12-06 21:48:13 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Alexandre\Mes documents\Encore cinq minutesII.doc
[2009-12-03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-12-03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-11-25 00:29:40 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Alexandre\Mes documents\Mot sur la littérature franco ontarienne.doc
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009-12-23 22:43:21 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009-12-23 20:42:08 | 00,000,855 | ---- | C] () -- C:\Documents and Settings\Alexandre\Bureau\Raccourci vers HiJackThis.exe.lnk
[2009-12-17 17:23:13 | 00,011,099 | ---- | C] () -- C:\Documents and Settings\Alexandre\.recently-used.xbel
[2009-12-07 09:24:49 | 00,000,116 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2009-11-26 22:58:41 | 00,044,032 | ---- | C] () -- C:\Documents and Settings\Alexandre\Mes documents\Encore cinq minutesII.doc
[2009-11-25 00:29:40 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Alexandre\Mes documents\Mot sur la littérature franco ontarienne.doc
[2009-10-16 16:10:42 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008-11-03 22:57:36 | 00,005,087 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
[2008-11-03 22:57:28 | 00,000,065 | ---- | C] () -- C:\WINDOWS\IniFile1.ini
[2008-05-04 17:31:39 | 00,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008-01-29 01:04:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007-10-17 22:59:34 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-10-11 19:08:31 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-10-09 01:30:53 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\Alexandre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-10-01 19:01:36 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007-10-01 16:30:59 | 00,000,156 | ---- | C] () -- C:\WINDOWS\Kpcms.ini
[2007-10-01 16:30:51 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007-10-01 15:58:41 | 00,003,946 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007-10-01 15:31:51 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007-10-01 15:23:14 | 00,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007-10-01 15:21:22 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2007-10-01 15:21:22 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007-10-01 15:20:01 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007-10-01 15:19:20 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPCX6600.ini
[2007-10-01 14:31:42 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2007-10-01 14:31:41 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2007-09-29 10:27:34 | 00,000,286 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2007-09-29 09:44:23 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\Alexandre\Local Settings\Application Data\fusioncache.dat
[2007-07-25 15:24:30 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006-10-22 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-10-22 11:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-10-22 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-10-22 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-10-22 11:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-10-22 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-10-22 11:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006-06-26 09:33:40 | 00,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006-03-02 07:00:00 | 00,164,864 | ---- | C] () -- C:\WINDOWS\edunazobesitefes.dll
[2006-03-02 07:00:00 | 00,148,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2006-03-02 07:00:00 | 00,114,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2006-02-26 16:08:28 | 00,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[1999-01-22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\cdrom.sys /s /md5 >
[2006-03-02 07:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
[2008-04-13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2009-12-23 20:26:54 | 00,114,656 | ---- | M] () MD5=D0A146C779C1CA0A7451AE7A21411110 -- C:\WINDOWS\system32\drivers\cdrom.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2006-03-02 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008-04-13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2009-12-16 13:15:22 | 00,148,192 | ---- | M] () MD5=FA90C295146251DC95609C373F29E234 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006-03-02 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\ACPI.sys /s /md5 >
[2006-03-02 07:00:00 | 00,188,672 | ---- | M] (Microsoft Corporation) MD5=0BD94FBFC14EA3606CD6CA4C0255BAA3 -- C:\WINDOWS\$NtServicePackUninstall$\acpi.sys
[2008-04-13 20:52:42 | 00,188,672 | ---- | M] (Microsoft Corporation) MD5=E5E6DBFC41EA8AAD005CB9A57A96B43B -- C:\WINDOWS\ServicePackFiles\i386\acpi.sys
[2008-04-13 20:52:42 | 00,188,672 | ---- | M] (Microsoft Corporation) MD5=E5E6DBFC41EA8AAD005CB9A57A96B43B -- C:\WINDOWS\system32\drivers\acpi.sys

< %SYSTEMDRIVE%\*.exe >
[2006-04-14 23:05:02 | 00,009,952 | ---- | M] () -- C:\regxpcom.exe

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
[2006-04-24 16:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWinXP\11.09\MCP51\IDE\Win2K\sataraid\nvatabus.sys
[2006-04-24 16:52:28 | 00,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWinXP\11.09\MCP51\IDE\WinXP\sataraid\nvatabus.sys
[2006-08-14 12:51:28 | 00,105,344 | ---- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\NVIDIA\nForceWinXP\11.09\MCP61\IDE\Win2K\sataraid\nvatabus.sys
[2006-08-14 12:51:28 | 00,105,344 | ---- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\NVIDIA\nForceWinXP\11.09\MCP61\IDE\WinXP\sataraid\nvatabus.sys

< >

< :Files >

< C:\WINDOWS\edunazobesitefes.dll >
[2008-04-13 21:33:48 | 00,164,864 | ---- | M] () -- C:\WINDOWS\edunazobesitefes.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< :reg >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >

< "Aguxavowiyelukig"=- >

========== Alternate Data Streams ==========

@Alternate Data Stream - 3020 bytes -> C:\Documents and Settings\All Users\Application Data\rkfree:cfg
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8F820DC
< End of report >

____________________________________

And the Extra.txt:

OTL Extras logfile created on: 2009-12-24 18:17:19 - Run 1
OTL by OldTimer - Version 3.1.20.0 Folder = C:\Documents and Settings\Alexandre\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 289,30 Gb Total Space | 139,44 Gb Free Space | 48,20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 8,78 Gb Total Space | 1,03 Gb Free Space | 11,70% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: ALLEXAND-26130A
Current User Name: Alexandre
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\BitTorrent_DNA\dna.exe" = C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Documents and Settings\Alexandre\Mes documents\eMule\emule.exe" = C:\Documents and Settings\Alexandre\Mes documents\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\IHMC CmapTools\jre\bin\javaw.exe" = C:\Program Files\IHMC CmapTools\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\Alexandre\Local Settings\temp\~os23.tmp\rlvknlg.exe" = C:\Documents and Settings\Alexandre\Local Settings\temp\~os23.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found
"c:\program files\relevantknowledge\rlvknlg.exe" = c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0000040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A750221-B84D-419D-B11C-5F597FDBA826}" = Movavi Video Converter 6
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AAB93551-3FFE-42B2-8315-96252BBC1033}" = Nero 7 Essentials
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{B168C59D-5FCF-4EEC-B464-BFA7A8266150}" = Windows Communication Foundation Language Pack - FRA
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B84C141C-9A13-44BE-9A69-301D7B11D836}" = Windows Workflow Foundation FR Language Pack
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = Utilitaire de configuration iPhone
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"AVG8Uninstall" = AVG Free 8.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"dBpowerAMP Mp4 Codec" = dBpowerAMP Mp4 Codec
"dBpowerAMP Musepack Codec" = dBpowerAMP Musepack Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Nero Mp4 Codec" = dBpowerAMP Nero Mp4 Codec
"dBpowerAMP Ogg Vorbis Codec" = dBpowerAMP Ogg Vorbis Codec
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"FL Studio 7" = FL Studio 7
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IHMC CmapTools v5.03" = IHMC CmapTools v5.03
"IL Download Manager" = IL Download Manager
"Ink Monitor" = Ink Monitor
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QcDrv" = Programme de gestion Camera de Logitech®
"RealPlayer 6.0" = RealPlayer
"Silent Package Run-Time Sample" = Guide de référence EPSON
"Vérification Internet" = Vérification Internet
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Installation Windows Live
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-12-09 18:02:41 | Computer Name = ALLEXAND-26130A | Source = Application Error | ID = 1000
Description = Application défaillante MRT.exe, version 3.2.3202.0, module défaillant
MRT.exe, version 3.2.3202.0, adresse de défaillance 0x0002885f.

Error - 2009-12-16 02:15:15 | Computer Name = ALLEXAND-26130A | Source = Application Error | ID = 1000
Description = Application défaillante firefox.exe, version 1.9.1.3593, module défaillant
edunazobesitefes.dll, version 0.0.0.0, adresse de défaillance 0x0001d49b.

Error - 2009-12-16 04:21:16 | Computer Name = ALLEXAND-26130A | Source = Application Error | ID = 1000
Description = Application défaillante firefox.exe, version 1.9.1.3593, module défaillant
edunazobesitefes.dll, version 0.0.0.0, adresse de défaillance 0x0001d49b.

Error - 2009-12-18 00:40:33 | Computer Name = ALLEXAND-26130A | Source = Windows Live Messenger | ID = 1000
Description =

Error - 2009-12-23 05:50:55 | Computer Name = ALLEXAND-26130A | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 2009-12-23 21:17:58 | Computer Name = ALLEXAND-26130A | Source = Application Error | ID = 1000
Description = Application défaillante lsass.exe, version 5.1.2600.5512, module défaillant
msabsiud.dll, version 0.0.0.0, adresse de défaillance 0x00005eab.

Error - 2009-12-23 21:18:29 | Computer Name = ALLEXAND-26130A | Source = Winlogon | ID = 1015
Description = Le processus critique du système, C:\WINDOWS\system32\lsass.exe, a
échoué avec un code d'état c0000005. L'ordinateur doit maintenant être redémarré.

Error - 2009-12-23 23:53:26 | Computer Name = ALLEXAND-26130A | Source = Application Error | ID = 1000
Description = Application défaillante wmplayer.exe, version 11.0.5721.5145, module
défaillant ntdll.dll, version 5.1.2600.5755, adresse de défaillance 0x0000100b.

Error - 2009-12-23 23:53:46 | Computer Name = ALLEXAND-26130A | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16945, module
défaillant mshtml.dll, version 7.0.6000.16945, adresse de défaillance 0x000bdbd1.

[ System Events ]
Error - 2009-12-20 18:23:06 | Computer Name = ALLEXAND-26130A | Source = W32Time | ID = 39452689
Description = Fournisseur de temps NtpClient : une erreur s'est produite lors de
la recherche DNS de l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient
va essayer à nouveau la recherche DNS dans 15 minutes. L'erreur était : Une opération
a été tentée sur un hôte impossible à atteindre. (0x80072751)

Error - 2009-12-20 18:23:06 | Computer Name = ALLEXAND-26130A | Source = W32Time | ID = 39452701
Description = Le fournisseur de temps NtpClient est configuré pour acquérir le temps
à partir d'une ou plusieurs sources de temps, cependant aucune source n'est actuellement
accessible. Aucune tentative pour en contacter une ne sera effectuée d'ici 14 minutes.
NtpClient
n'a pas de source de temps précis.

Error - 2009-12-20 22:21:54 | Computer Name = ALLEXAND-26130A | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 2009-12-22 02:17:45 | Computer Name = ALLEXAND-26130A | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 2009-12-22 05:42:37 | Computer Name = ALLEXAND-26130A | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 2009-12-22 23:17:11 | Computer Name = ALLEXAND-26130A | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 2009-12-23 21:00:07 | Computer Name = ALLEXAND-26130A | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 2009-12-23 21:16:59 | Computer Name = ALLEXAND-26130A | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 2009-12-23 21:24:24 | Computer Name = ALLEXAND-26130A | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3

Error - 2009-12-23 23:56:09 | Computer Name = ALLEXAND-26130A | Source = Service Control Manager | ID = 7000
Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer
en raison de l'erreur : %%3


< End of report >
______________________________

And now what?
bluebeck
Confirmed Visitor

Posts: 15
Joined: 16 Sep 2009 23:27


Re: Trojan Horse Downloader Generic/Virus identified Packed.prot

Posted on 25 Dec 2009 01:40

Hello,

OK, no trace of the TDSS trojan, but both drivers have indeed been patched (modified) by the infection... and above all the OTL report reveals another type of infection (Vundo and the presence of ADS streams).

I need to know one important thing: was it you who installed the RKFree keylogger on this PC??

Please do this...

Disable your antivirus while you carry out these steps.

>> Download WinsockXPFix to your desktop and move on to the next step.

==========================================================================================================

Then...

Download ComboFix to your Desktop (and nowhere else)

Double-click ComboFix.exe to start the scan and follow the instructions ComboFix gives.
If ComboFix asks for permission to download and install the Windows Recovery Console, accept and follow the instructions.
When the scan is complete, a report will appear; save it to your desktop.
You must restart your PC!!
Copy/paste the ComboFix report in your next reply

NOTE: The report can also be found here: C:\Combofix.txt
NOTE: Do not click in the ComboFix window during the scan; doing so would freeze the program.

=========================================================================================================

If by any chance your internet connection is no longer working after the PC restarts, do this to repair it...

Double-click the WinsockXPFix icon.

>> Click "Fix" > and if your PC does not restart, restart it manually.


@++
jeanmimigab
PC-Infopraticien

Posts: 2986
Joined: 29 Nov 2009 12:05


Re: Trojan Horse Downloader Generic/Virus identified Packed.prot

Posted on 25 Dec 2009 02:32

No problem, the keylogger was my own doing...

___________________________________________________________________
ComboFix 09-12-24.02 - Alexandre 2009-12-24 20:13:30.2.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.1918.1043 [GMT -5:00]
Lancé depuis: c:\documents and settings\Alexandre\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alexandre\Local Settings\Application Data\{1D3F5405-FB3A-46A3-BDC2-2DEEE3B54E7E}
c:\documents and settings\Alexandre\Local Settings\Application Data\{1D3F5405-FB3A-46A3-BDC2-2DEEE3B54E7E}\chrome.manifest
c:\documents and settings\Alexandre\Local Settings\Application Data\{1D3F5405-FB3A-46A3-BDC2-2DEEE3B54E7E}\chrome\content\_cfg.js
c:\documents and settings\Alexandre\Local Settings\Application Data\{1D3F5405-FB3A-46A3-BDC2-2DEEE3B54E7E}\chrome\content\overlay.xul
c:\documents and settings\Alexandre\Local Settings\Application Data\{1D3F5405-FB3A-46A3-BDC2-2DEEE3B54E7E}\install.rdf
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\edunazobesitefes.dll

Une copie infectée de c:\windows\system32\Drivers\atapi.sys a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\atapi.sys

Une copie infectée de c:\windows\system32\drivers\cdrom.sys a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\cdrom.sys

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-25 au 2009-12-25 ))))))))))))))))))))))))))))))))))))
.

2009-12-24 23:13 . 2009-12-24 23:14 -------- d-----w- C:\tdsskiller
2009-12-24 03:43 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-24 03:43 . 2009-12-24 03:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-24 03:43 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-11 17:10 . 2009-12-11 17:10 2065688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-11 17:10 . 2009-11-26 01:32 3514648 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-12-11 17:10 . 2009-11-26 01:32 2029336 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-12-07 14:24 . 2009-12-09 03:13 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 01:19 . 2009-11-08 04:03 -------- d-----w- c:\documents and settings\Alexandre\Application Data\Dropbox
2009-12-24 23:11 . 2009-10-04 19:30 120 ----a-w- c:\windows\Qqugilulokuzoxuf.dat
2009-12-24 05:17 . 2009-10-04 19:30 0 ----a-w- c:\windows\Dtehikuw.bin
2009-12-22 07:49 . 2007-10-03 04:29 -------- d-----w- c:\documents and settings\Alexandre\Application Data\LimeWire
2009-12-20 05:59 . 2009-10-02 21:27 -------- d-----w- c:\documents and settings\Alexandre\Application Data\CmapTools
2009-12-18 22:29 . 2009-10-26 00:36 -------- d-----w- c:\program files\eMusic Download Manager
2009-12-18 22:29 . 2009-10-26 00:36 -------- d-----w- c:\documents and settings\Alexandre\Application Data\eMusic
2009-12-17 22:23 . 2009-06-24 18:45 -------- d-----w- c:\documents and settings\Alexandre\Application Data\gtk-2.0
2009-12-17 19:53 . 2009-09-09 19:18 37048 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-17 19:04 . 2007-09-29 14:04 57992 ----a-w- c:\documents and settings\Alexandre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-09 23:14 . 2006-03-02 12:00 528154 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-09 23:14 . 2006-03-02 12:00 92210 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-16 04:38 . 2008-06-01 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-08 04:04 . 2009-11-08 04:04 89962 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\Uninstall.exe
2009-10-29 07:44 . 2006-03-02 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:44 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:44 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:39 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 02:50 . 2009-10-18 02:50 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-10-13 10:33 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2006-03-02 12:00 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-09 19:57 . 2009-10-09 19:57 40 ----a-w- c:\documents and settings\Alexandre\language.dat
2009-10-09 01:18 . 2009-10-09 01:18 26805255 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\Dropbox.exe
2009-10-08 21:18 . 2009-10-08 21:18 499712 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\msvcp71.dll
2009-10-08 21:18 . 2009-10-08 21:18 348160 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\msvcr71.dll
2009-10-08 21:18 . 2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\DropboxExt.3.dll
2009-09-27 14:30 . 2009-09-27 14:30 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 262210]
"EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" [2004-03-01 98304]
"BellCanada_McciTrayApp"="c:\program files\BellCanada\McciTrayApp.exe" [2007-11-19 1468928]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-06 185896]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Alexandre\Menu D‚marrer\Programmes\D‚marrage\
Dropbox.lnk - c:\documents and settings\Alexandre\Application Data\Dropbox\bin\Dropbox.exe [2009-10-8 26805255]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 22:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 22:05 143360 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:33 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 16:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 16:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 16:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-11 20:54 16844800 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Alexandre\\Mes documents\\eMule\\emule.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IHMC CmapTools\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-01 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-01 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-06 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 297752]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
FF - ProfilePath - c:\documents and settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\d61cnbj6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {CD90268F-2089-4303-BF08-5AEB2EAE0EA0} - c:\documents and settings\Alexandre\Local Settings\Application Data\{CD90268F-2089-4303-BF08-5AEB2EAE0EA0}
FF - HiddenExtension: XULRunner: {9AE551A3-8BDE-4FBF-B7A7-E20E53EA0D5F} - c:\documents and settings\Alexandre\Local Settings\Application Data\{9AE551A3-8BDE-4FBF-B7A7-E20E53EA0D5F}\
FF - HiddenExtension: XULRunner: {52D7AAF7-2069-44D5-94E3-D43EDECB1179} - c:\documents and settings\Alexandre\Local Settings\Application Data\{52D7AAF7-2069-44D5-94E3-D43EDECB1179}
FF - HiddenExtension: XULRunner: {3DF8B8B1-2913-4754-B9B7-EAA96A23FFD3} - c:\documents and settings\Alexandre\Local Settings\Application Data\{3DF8B8B1-2913-4754-B9B7-EAA96A23FFD3}
FF - HiddenExtension: XULRunner: {31ECFE49-3A8B-42EB-9B9B-B57CF1963569} - c:\documents and settings\Alexandre\Local Settings\Application Data\{31ECFE49-3A8B-42EB-9B9B-B57CF1963569}
FF - HiddenExtension: XULRunner: {EA6828F6-BFD3-4A82-ABD5-0713161DBB71} - c:\documents and settings\Alexandre\Local Settings\Application Data\{EA6828F6-BFD3-4A82-ABD5-0713161DBB71}
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Aguxavowiyelukig - c:\windows\edunazobesitefes.dll
MSConfigStartUp-Alcmtr - ALCMTR.EXE
MSConfigStartUp-UIUCU - c:\docume~1\ALEXAN~1\LOCALS~1\Temp\UIUCU.EXE
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 20:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(4752)
c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
c:\documents and settings\Alexandre\Application Data\Dropbox\bin\DropboxExt.3.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2009-12-24 20:25:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-25 01:25

Avant-CF: 149 678 092 288 octets libres
Après-CF: 149 817 798 656 octets libres

- - End Of File - - 61C5F0EDFF6C9DD6597CFB162D27C713
________________________________________________________

Is there anything else to do? Thanks!
bluebeck
Confirmed Visitor

Re: Trojan Horse Downloader Generic/Virus identified Packed.prot

Posted on 25 Dec 2009 12:25

Hello,

ComboFix did a good job, the two infected drivers have been repaired :wink:
Your antivirus should no longer alert you about the atapy.sys and cdrom.sys drivers.
However, I'd like to draw your attention to the presence of RKFree: for some trojans it's a godsend (they just have to help themselves!!), it's a bit like leaving your bank card number in your wallet :roll:

There are still infected files on your PC... please do this:

> create a new text document on your desktop
> to do so, right-click on the desktop > New > Text Document > copy and paste the contents of the quote below into it

KillAll::

ADS::
C:\Documents and Settings\All Users\Application Data\TEMP:C8F820DC

Collect::
c:\windows\Qqugilulokuzoxuf.dat
C:\WINDOWS\edunazobesitefes.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aguxavowiyelukig"=-

FileLook::
c:\windows\Dtehikuw.bin


Follow the save procedure below to the letter, it's very important

> then click on "File" > "Save as..."
> in the save window choose the desktop as the destination > under type choose All Files > and under file name type CFScript.txt > then click "Save" and close the text document.

> drag and drop this CFScript.txt file (hold the left mouse button down on CFScript.txt and drag) onto the Combofix.exe file, as in this screenshot.

[Image: screenshot]

> a blue window will appear, follow the instructions

Wait while the scan runs. The desktop will disappear several times, that's normal!
> Don't touch anything until the scan is finished
> Towards the end of the scan, a window may appear telling you that ComboFix needs to upload files; if so, click "OK" and wait until the scan ends

> Once the scan is complete, a report will be displayed, close it...

Then, very important...

Restart your PC once more... and post the report found at this location: C:\ComboFix.txt

@++
jeanmimigab
PC-Infopraticien

Re: Trojan Horse Downloader Generic/Virus identified Packed.prot

Posted on 25 Dec 2009 20:57

The saga continues, : )

ComboFix 09-12-24.02 - Alexandre 2009-12-25 14:39:35.3.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.2.1036.18.1918.1314 [GMT -5:00]
Lancé depuis: c:\documents and settings\Alexandre\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Alexandre\Bureau\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

file zipped: c:\windows\Qqugilulokuzoxuf.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Qqugilulokuzoxuf.dat

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-25 au 2009-12-25 ))))))))))))))))))))))))))))))))))))
.

2009-12-24 23:13 . 2009-12-24 23:14 -------- d-----w- C:\tdsskiller
2009-12-24 03:43 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-24 03:43 . 2009-12-24 03:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-24 03:43 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-07 14:24 . 2009-12-09 03:13 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-25 19:46 . 2009-11-08 04:03 -------- d-----w- c:\documents and settings\Alexandre\Application Data\Dropbox
2009-12-25 06:39 . 2009-10-02 21:27 -------- d-----w- c:\documents and settings\Alexandre\Application Data\CmapTools
2009-12-24 05:17 . 2009-10-04 19:30 0 ----a-w- c:\windows\Dtehikuw.bin
2009-12-22 07:49 . 2007-10-03 04:29 -------- d-----w- c:\documents and settings\Alexandre\Application Data\LimeWire
2009-12-18 22:29 . 2009-10-26 00:36 -------- d-----w- c:\program files\eMusic Download Manager
2009-12-18 22:29 . 2009-10-26 00:36 -------- d-----w- c:\documents and settings\Alexandre\Application Data\eMusic
2009-12-17 22:23 . 2009-06-24 18:45 -------- d-----w- c:\documents and settings\Alexandre\Application Data\gtk-2.0
2009-12-17 19:53 . 2009-09-09 19:18 37048 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-17 19:04 . 2007-09-29 14:04 57992 ----a-w- c:\documents and settings\Alexandre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-11 17:10 . 2009-12-11 17:10 2065688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-09 23:14 . 2006-03-02 12:00 528154 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-09 23:14 . 2006-03-02 12:00 92210 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-26 01:32 . 2009-12-11 17:10 3514648 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-11-26 01:32 . 2009-12-11 17:10 2029336 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-11-16 04:38 . 2008-06-01 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-08 04:04 . 2009-11-08 04:04 89962 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\Uninstall.exe
2009-10-29 07:44 . 2006-03-02 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:44 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:44 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:39 . 2006-03-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2006-03-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 02:50 . 2009-10-18 02:50 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-10-13 10:33 . 2006-03-02 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2006-03-02 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2006-03-02 12:00 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-09 19:57 . 2009-10-09 19:57 40 ----a-w- c:\documents and settings\Alexandre\language.dat
2009-10-09 01:18 . 2009-10-09 01:18 26805255 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\Dropbox.exe
2009-10-08 21:18 . 2009-10-08 21:18 499712 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\msvcp71.dll
2009-10-08 21:18 . 2009-10-08 21:18 348160 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\msvcr71.dll
2009-10-08 21:18 . 2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\DropboxExt.3.dll
2009-09-27 14:30 . 2009-09-27 14:30 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\Dtehikuw.bin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 0
Created time: 2009-10-04 19:30
Modified time: 2009-12-24 05:17
MD5: D41D8CD98F00B204E9800998ECF8427E
SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709


((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18 77824 ----a-w- c:\documents and settings\Alexandre\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Ink Monitor"="c:\program files\EPSON\Ink Monitor\InkMonitor.exe" [2004-05-05 262210]
"EPSON Stylus CX6600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" [2004-03-01 98304]
"BellCanada_McciTrayApp"="c:\program files\BellCanada\McciTrayApp.exe" [2007-11-19 1468928]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-06 185896]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Alexandre\Menu D‚marrer\Programmes\D‚marrage\
Dropbox.lnk - c:\documents and settings\Alexandre\Application Data\Dropbox\bin\Dropbox.exe [2009-10-8 26805255]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 22:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 22:05 143360 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:33 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-06 02:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 16:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 16:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 16:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 19:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-11 20:54 16844800 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\Alexandre\\Mes documents\\eMule\\emule.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\IHMC CmapTools\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-06-01 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-06-01 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-06 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 297752]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\d61cnbj6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {CD90268F-2089-4303-BF08-5AEB2EAE0EA0} - c:\documents and settings\Alexandre\Local Settings\Application Data\{CD90268F-2089-4303-BF08-5AEB2EAE0EA0}
FF - HiddenExtension: XULRunner: {9AE551A3-8BDE-4FBF-B7A7-E20E53EA0D5F} - c:\documents and settings\Alexandre\Local Settings\Application Data\{9AE551A3-8BDE-4FBF-B7A7-E20E53EA0D5F}\
FF - HiddenExtension: XULRunner: {52D7AAF7-2069-44D5-94E3-D43EDECB1179} - c:\documents and settings\Alexandre\Local Settings\Application Data\{52D7AAF7-2069-44D5-94E3-D43EDECB1179}
FF - HiddenExtension: XULRunner: {3DF8B8B1-2913-4754-B9B7-EAA96A23FFD3} - c:\documents and settings\Alexandre\Local Settings\Application Data\{3DF8B8B1-2913-4754-B9B7-EAA96A23FFD3}
FF - HiddenExtension: XULRunner: {31ECFE49-3A8B-42EB-9B9B-B57CF1963569} - c:\documents and settings\Alexandre\Local Settings\Application Data\{31ECFE49-3A8B-42EB-9B9B-B57CF1963569}
FF - HiddenExtension: XULRunner: {EA6828F6-BFD3-4A82-ABD5-0713161DBB71} - c:\documents and settings\Alexandre\Local Settings\Application Data\{EA6828F6-BFD3-4A82-ABD5-0713161DBB71}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-25 14:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(8116)
c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
c:\documents and settings\Alexandre\Application Data\Dropbox\bin\DropboxExt.3.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2009-12-25 14:51:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-25 19:51
ComboFix2.txt 2009-12-25 01:25

Avant-CF: 149 613 592 576 octets libres
Après-CF: 149 589 528 576 octets libres

- - End Of File - - E0332696F187B29880304034C0F33D80
bluebeck
Confirmed Visitor
Posts: 15
Joined: 16 Sep 2009 23:27


Re: Trojan Horse Downloader Generic/Virus identified Packed.prot

Posted on 26 Dec 2009 03:19

hello,

Perfect... :wink:

Manually delete this file in bold >>> c:\windows\Dtehikuw.bin and empty your Recycle Bin...

To update your Java version, which has security holes... follow this nice little tutorial
freewares-tutos.blogspot.com...

All that's left is to automatically uninstall all the tools used for the disinfection...

To do this...

download >>> ToolsCleaner <<< (by A.Rothstein & dj QUIOU)

Double-click it to launch the program.

Click on Recherche (Search) and let the scan finish (it can take up to about ten minutes).

Once the search has started, don't click inside the window; that would cause a minor bug in the program.

If however the words (ne réponds pas) (not responding) appear in the ToolsCleaner window title, ignore it and let the program finish its work anyway.

Post me the report that appears.

Wait for my go-ahead before clicking on Suppression (Delete).

@++ :wink:

jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05


Re: Trojan Horse Downloader Generic/Virus identified Packed.prot

Posted on 29 Dec 2009 02:05

Hi, so here is the ToolsCleaner report:

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\Alexandre\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Alexandre\Mes documents\Téléchargements\HijackThis.exe: trouvé !
C:\Documents and Settings\Alexandre\Mes documents\Téléchargements\hijackthis.log: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\msnfix.txt: trouvé !
C:\WINDOWS\mbr.exe: trouvé !

________________________________________

Is it OK to delete? Thanks for your help! : )
bluebeck
Confirmed Visitor
Posts: 15
Joined: 16 Sep 2009 23:27


Re: Trojan Horse Downloader Generic/Virus identified Packed.prot

Posted on 29 Dec 2009 10:17

hello,

That's fine, you can click on Suppression (Delete).

Once that's finished, manually delete the following files:

- (location of your choice) \ ToolsCleaner.exe (the file you downloaded)
- C:\TCleaner.txt
- C:\Qoobox (if you find it)

then...

You need to purge your System Restore so that it is free of infections.
To do this, press the Windows + Pause keys together, then tick the indicated box (disable System Restore...) >> Apply >> OK. Restart the computer >> now untick the box (disable System Restore...) >> Apply >> OK.

Don't forget to create a restore point after this operation.

To do this: Start >> Run >> type: restore/rstrui.exe, confirm with Enter >>
tick Create a restore point >> click Next

Enter a name (for example "pc propre") for the restore point, then click Create.

There you go, have a good holiday :wink:

@++

jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05
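The System Restore purge and the new restore point described in the post above, as a scripted equivalent added here (example code, not from the thread or from ToolsCleaner). It assumes Windows 7 or later with PowerShell run as administrator and a system drive of C:; the thread itself used the Windows XP GUI steps.

```powershell
# Added example (not from the thread): scripted equivalent of the System Restore
# purge described above. Assumes Windows 7 or later, PowerShell run as administrator,
# and that the system drive is C: (adjust $Drive otherwise).
$Drive = "C:\"

# 1. Disabling System Restore on the drive deletes all existing restore points,
#    which may still hold copies of the removed malware.
Disable-ComputerRestore -Drive $Drive

# 2. Re-enable it so that new, clean restore points can be created.
Enable-ComputerRestore -Drive $Drive

# 3. Create a fresh restore point, named "pc propre" as suggested in the thread.
#    Note: on Windows 8 and later only one restore point per 24 hours is created
#    unless SystemRestorePointCreationFrequency has been changed.
Checkpoint-Computer -Description "pc propre" -RestorePointType "MODIFY_SETTINGS"

# 4. Verify: after the purge, only the new restore point should be listed.
Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description
```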
 

Re: Trojan Horse Downloader Generic/Virus identified Packed.prot

Posted on 01 Jan 2010 02:15

Everything's done, everything's fixed! Thanks a lot for your help. Happy Holidays to you! :D
bluebeck
Confirmed Visitor
Posts: 15
Joined: 16 Sep 2009 23:27


Re: Trojan Horse Downloader Generic/Virus identified Packed.prot

Posted on 01 Jan 2010 11:42

hello,

You're welcome, it was a pleasure :wink:
jeanmimigab
PC-Infopraticien
Posts: 2986
Joined: 29 Nov 2009 12:05